{"title":"A systematic approach to develop an autopilot sensor monitoring system for autonomous delivery vehicles based on the STPA method","authors":"Guangshuang Ge, Liangliang Sun, Yanfu Li","doi":"10.1109/ISSREW55968.2022.00087","DOIUrl":null,"url":null,"abstract":"Autonomous delivery vehicles (ADVs) are derivatives of autonomous driving technology. With the rapid development of autonomous driving technology and the rapid rise in demand for terminal logistics and distribution, ADVs have gradually entered commercial operation in many cities, thus it brings higher requirements to the reliability of ADVs. Because of bill of material (BOM) cost pressure, most autopilot sensors and domain controllers of ADVs are not strictly follow passenger vehicle standards and regulations, the ADVs' reliability is very critical. The traditional methods of process hazard analysis (PHA) e.g. HAZOPs, FMEAs, FT A, etc., use a system divide approach. The to be analyzed system is breaking down into component level, and the risks or hazard of each component are analyzed separately. The two important assumptions of the traditional methods are: 1. the system's properties are not changed when it is broken down into component level; 2. the accidents are caused by component failures. However, in an ADV, the system becomes complex since the system effects may be missed, and this assumption is questionable; further, an ADV accidents can happen even there is no component failure. The system level hazard analysis cannot be fully determined only at the component level, but out of interactions of systems. Systems Theoretic Process Analysis (STP A) is a structured system level approach to analyze hazard. Based on the premise that accidents happen when the control is inadequate or lost, STPA approach decodes hazards related not only to component failures, but also to design errors, flawed controller requirements, interaction failures, human errors, and other errors. In this paper, the STPA method is used to analyze various risks and hazards of ADVs, and finally construct an abnormality monitoring system for autonomous driving sensors. Engineering practice shows that this method can effectively monitor the abnormality of sensor data links.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"123 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSREW55968.2022.00087","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3
Abstract
Autonomous delivery vehicles (ADVs) are derivatives of autonomous driving technology. With the rapid development of autonomous driving technology and the rapid rise in demand for terminal logistics and distribution, ADVs have gradually entered commercial operation in many cities, which places higher requirements on the reliability of ADVs. Because of bill of materials (BOM) cost pressure, most autopilot sensors and domain controllers of ADVs do not strictly follow passenger-vehicle standards and regulations, so the reliability of ADVs is critical. Traditional process hazard analysis (PHA) methods, e.g. HAZOP, FMEA, FTA, etc., use a system-decomposition approach: the system to be analyzed is broken down to component level, and the risks or hazards of each component are analyzed separately. The two key assumptions of the traditional methods are: 1. the system's properties are unchanged when it is broken down to component level; 2. accidents are caused by component failures. However, an ADV is a complex system in which system-level effects may be missed, so the first assumption is questionable; further, an ADV accident can happen even when no component fails. System-level hazards cannot be fully determined at the component level alone; they arise out of the interactions between subsystems. Systems-Theoretic Process Analysis (STPA) is a structured system-level approach to hazard analysis. Based on the premise that accidents happen when control is inadequate or lost, the STPA approach identifies hazards related not only to component failures but also to design errors, flawed controller requirements, interaction failures, human errors, and other errors. In this paper, the STPA method is used to analyze various risks and hazards of ADVs, and finally to construct an abnormality monitoring system for autonomous driving sensors. Engineering practice shows that this method can effectively monitor abnormalities in sensor data links.